quasar | 641a1a8dd5377977e5d961268e88b5cfcaa679191cbf0ea34a53f8132a342b0f | Triage

Submit
Reports

Overview

overview

Static

static

3

150169f8a2...03.exe

windows7-x64

150169f8a2...03.exe

windows10-2004-x64

Sharing

General

Target

7b79bbfe338448b0de6662150.bin
Size

11.2MB
Sample

230630-n7gbraaf7z
MD5

078e14f5a5563a97927da4d5bd8aed7b
SHA1

c4b3d48d8e44a17f9163d3270e14138d8f977e13
SHA256

641a1a8dd5377977e5d961268e88b5cfcaa679191cbf0ea34a53f8132a342b0f
SHA512

86bb949ef1b81b3fd40854d1715494f58ee4e2eecd3d1024dc118cc4b9ad3ce872b6ef0322d3dfd3e1bf6e8e5afb23184bed15e4fd5aecd585a949e96639c079
SSDEEP

196608:fYnBTvDg0s+Hs6BwLpxCB8LHZHQv5Gk4z9TkNdlteq8LV/SiaEH9mNXmrtFZ3toV:fYnpm+MK8pFHOGt9TgLteqypSialNXm6

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

150169f8a2862e4c977fe99b4d6a1af4e2169deae6d76d64434af35633c01e03.exe

Resource

win7-20230621-en

quasar office04 spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

150169f8a2862e4c977fe99b4d6a1af4e2169deae6d76d64434af35633c01e03.exe

Resource

win10v2004-20230621-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.237:4782

Mutex

08ac4250-96f9-44da-b030-99dcc4597b28

Attributes

encryption_key
D43A8C9C8C9A74741CBEA4F1A01C53C2F8DF8AC2
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  150169f8a2862e4c977fe99b4d6a1af4e2169deae6d76d64434af35633c01e03.exe
- Size
  
  11.3MB
- MD5
  
  7b79bbfe338448b0de666215060d2cbc
- SHA1
  
  d8ca513e1e85e1a8dd6a81824f86064fad19419a
- SHA256
  
  150169f8a2862e4c977fe99b4d6a1af4e2169deae6d76d64434af35633c01e03
- SHA512
  
  e621286081db8ea041aaf148b233d52d8c4fdfd5ef0fa5327e17622ff3e19d8c6b6c25881b3f396e93c7aaacd0ed3e3baca7be59a508a5232534e3f777a99e50
- SSDEEP
  
  196608:ChTb9B0BPrDz4pxgZZPy5RmStgxb/z6FDiSJXqeUh4mT+uFk8spbVgo87e8YU:sTb9epDz4MZZ4RmxYDiScfhHjeV+vK8Y
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy